Diffstat (limited to 'trivionomicon/modules')
-rw-r--r--trivionomicon/modules/athena-bccr/default.nix14
-rw-r--r--trivionomicon/modules/athena-bccr/hm.nix14
-rw-r--r--trivionomicon/modules/athena-bccr/options.nix30
-rw-r--r--trivionomicon/modules/athena-bccr/sys.nix35
-rw-r--r--trivionomicon/modules/default.nix3
-rw-r--r--trivionomicon/modules/laptop/default.nix10
-rw-r--r--trivionomicon/modules/laptop/sys.nix11
-rw-r--r--trivionomicon/modules/sway/default.nix13
-rw-r--r--trivionomicon/modules/sway/options.nix3
-rw-r--r--trivionomicon/modules/sway/sys.nix45
-rw-r--r--trivionomicon/modules/thinkpad/default.nix11
-rw-r--r--trivionomicon/modules/thinkpad/sys.nix30
-rw-r--r--trivionomicon/modules/yubico/default.nix13
-rw-r--r--trivionomicon/modules/yubico/hm.nix9
-rw-r--r--trivionomicon/modules/yubico/sys.nix14
15 files changed, 255 insertions, 0 deletions
diff --git a/trivionomicon/modules/athena-bccr/default.nix b/trivionomicon/modules/athena-bccr/default.nix
new file mode 100644
index 0000000..93c5660
--- /dev/null
+++ b/trivionomicon/modules/athena-bccr/default.nix
@@ -0,0 +1,14 @@
+{
+ config,
+ lib,
+ pkgs,
+ doctrine,
+ ...
+}:
+doctrine.lib.mkModule {
+ inherit config;
+ name = "athena-bccr";
+ hm = ./hm.nix;
+ sys = ./sys.nix;
+ options = ./options.nix;
+}
diff --git a/trivionomicon/modules/athena-bccr/hm.nix b/trivionomicon/modules/athena-bccr/hm.nix
new file mode 100644
index 0000000..0678e3c
--- /dev/null
+++ b/trivionomicon/modules/athena-bccr/hm.nix
@@ -0,0 +1,14 @@
+{
+ pkgs,
+ lib,
+ cfg,
+ doctrine,
+ ...
+}: let
+ athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release};
+in {
+ home.packages = [
+ athena.firmador
+ (athena.gaudi.override {inherit (cfg) gaudiHash;})
+ ];
+}
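Review bot: `gaudiHash` is passed to `athena.gaudi.override` even when it is left at its default of `null` (see options.nix), and how the package treats a null hash is not visible in this commit. If `null` is meant to mean "use the packaged hash", override only when a value is set, e.g. `(athena.gaudi.override (lib.optionalAttrs (cfg.gaudiHash != null) {inherit (cfg) gaudiHash;}))`. If a hash is mandatory, make the option non-nullable so a missing value fails at evaluation with a clear message. A short comment above the list saying which case applies would help, since this hash is presumably what pins the fetched Gaudi client to known content.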
diff --git a/trivionomicon/modules/athena-bccr/options.nix b/trivionomicon/modules/athena-bccr/options.nix
new file mode 100644
index 0000000..eb61cf5
--- /dev/null
+++ b/trivionomicon/modules/athena-bccr/options.nix
@@ -0,0 +1,30 @@
+{lib, ...}:
+with lib.types; {
+ hm = {
+ gaudiHash = lib.mkOption {
+ type = nullOr str;
+ default = null;
+ description = "hash of the Gaudi client";
+ };
+
+ release = lib.mkOption {
+ type = str;
+ default = "latest";
+ description = "pinned athena-bccr release tag";
+ };
+ };
+
+ sys = {
+ group = lib.mkOption {
+ type = str;
+ default = "users";
+ description = "user group with full access to the smartcard reader";
+ };
+
+ release = lib.mkOption {
+ type = str;
+ default = "latest";
+ description = "pinned athena-bccr release tag";
+ };
+ };
+}
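Review bot: The `sys.group` default of `"users"` means that, out of the box, every account in the general `users` group gets read/write access to the smartcard reader through the udev rule in sys.nix. A dedicated group as the default (for example `default = "scard";`, name is a suggestion) would follow least privilege. Separately, both `release` options default to `"latest"` while being described as a pinned tag, and because hm and sys declare them independently, the user-level tools and the system PKCS#11 module can resolve to different releases. The description should say that `"latest"` floats and that the two values are expected to match. The `gaudiHash` description should also state the expected hash format and what `null` means.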
diff --git a/trivionomicon/modules/athena-bccr/sys.nix b/trivionomicon/modules/athena-bccr/sys.nix
new file mode 100644
index 0000000..631185d
--- /dev/null
+++ b/trivionomicon/modules/athena-bccr/sys.nix
@@ -0,0 +1,35 @@
+{
+ pkgs,
+ lib,
+ cfg,
+ doctrine,
+ ...
+}: let
+ athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release};
+in {
+ environment = {
+ etc = {
+ "Athena".source = "${athena.ase-pkcs11}/etc/Athena";
+
+ "pkcs11/modules/asep11".text = ''
+ module: ${athena.libasep11}
+ '';
+ };
+
+ systemPackages = [athena.ase-pkcs11];
+ };
+
+ #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar polĂ­tica nacional de root CA
+ security.pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"];
+
+ services = {
+ pcscd.enable = true;
+
+ udev.extraRules = ''
+ # Athena Smartcard Solutions, Inc. ASEDrive V3CR
+ ATTRS{idVendor}=="0dc3", ATTRS{idProduct}=="1004", MODE="660", GROUP="${cfg.group}", TAG+="uaccess"
+ '';
+ };
+
+ users.groups.${cfg.group} = {};
+}
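Review bot: `security.pki.certificateFiles` adds the BCCR root to the system-wide trust store as soon as the module is enabled, so it is trusted for every TLS connection that uses the system bundle, not only for validating document signatures. The FIXME already flags the risk, but nothing lets a host opt out. Consider gating it behind an option that defaults to off, e.g. `security.pki.certificateFiles = lib.optional cfg.trustRootCA "${athena.bccr-cacerts}/root-ca.pem";` with a matching boolean in options.nix (option name is a suggestion). In the udev rule, `TAG+="uaccess"` already grants the active seat user access, so `GROUP="${cfg.group}"` with the default `"users"` widens that to accounts without a local session. The rule also matches on `ATTRS{}` alone, which I believe applies to child devices of the reader as well, so adding `SUBSYSTEM=="usb"` would narrow it.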
diff --git a/trivionomicon/modules/default.nix b/trivionomicon/modules/default.nix
new file mode 100644
index 0000000..0c0fd4c
--- /dev/null
+++ b/trivionomicon/modules/default.nix
@@ -0,0 +1,3 @@
+{doctrine, ...}: {
+ imports = builtins.attrValues (doctrine.lib.importAll {root = ./.;});
+}
diff --git a/trivionomicon/modules/laptop/default.nix b/trivionomicon/modules/laptop/default.nix
new file mode 100644
index 0000000..b908d47
--- /dev/null
+++ b/trivionomicon/modules/laptop/default.nix
@@ -0,0 +1,10 @@
+{
+ config,
+ doctrine,
+ ...
+}:
+doctrine.lib.mkModule {
+ inherit config;
+ name = "laptop";
+ sys = ./sys.nix;
+}
diff --git a/trivionomicon/modules/laptop/sys.nix b/trivionomicon/modules/laptop/sys.nix
new file mode 100644
index 0000000..252f49c
--- /dev/null
+++ b/trivionomicon/modules/laptop/sys.nix
@@ -0,0 +1,11 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ services = {
+ tlp.enable = lib.mkDefault true;
+ upower.enable = lib.mkDefault true;
+ };
+}
diff --git a/trivionomicon/modules/sway/default.nix b/trivionomicon/modules/sway/default.nix
new file mode 100644
index 0000000..9f49e7c
--- /dev/null
+++ b/trivionomicon/modules/sway/default.nix
@@ -0,0 +1,13 @@
+{
+ config,
+ lib,
+ pkgs,
+ doctrine,
+ ...
+}:
+doctrine.lib.mkModule {
+ inherit config;
+ name = "sway";
+ sys = ./sys.nix;
+ options = ./options.nix;
+}
diff --git a/trivionomicon/modules/sway/options.nix b/trivionomicon/modules/sway/options.nix
new file mode 100644
index 0000000..e433039
--- /dev/null
+++ b/trivionomicon/modules/sway/options.nix
@@ -0,0 +1,3 @@
+{...}: {
+ sys = {};
+}
diff --git a/trivionomicon/modules/sway/sys.nix b/trivionomicon/modules/sway/sys.nix
new file mode 100644
index 0000000..9c8b664
--- /dev/null
+++ b/trivionomicon/modules/sway/sys.nix
@@ -0,0 +1,45 @@
+{
+ pkgs,
+ lib,
+ ...
+}: {
+ services.libinput.enable = true;
+ hardware.graphics.enable = true;
+
+ xdg.portal = {
+ enable = true;
+ wlr.enable = true;
+ extraPortals = with pkgs; [xdg-desktop-portal-gtk];
+ xdgOpenUsePortal = true;
+
+ # warning: xdg-desktop-portal 1.17 reworked how portal implementations are loaded, you
+ # should either set `xdg.portal.config` or `xdg.portal.configPackages`
+ # to specify which portal backend to use for the requested interface.
+ #
+ # https://github.com/flatpak/xdg-desktop-portal/blob/1.18.1/doc/portals.conf.rst.in
+ #
+ # If you simply want to keep the behaviour in < 1.17, which uses the first
+ # portal implementation found in lexicographical order, use the following:
+ #
+ # xdg.portal.config.common.default = "*";
+ config.common.default = "*";
+ };
+
+ environment = {
+ sessionVariables.NIXOS_OZONE_WL = "1";
+
+ systemPackages = with pkgs; [
+ qt5.qtwayland
+ qt6.qtwayland
+ ];
+ };
+
+ programs = {
+ gtklock = {
+ enable = lib.mkDefault true;
+
+ config = {};
+ modules = [];
+ };
+ };
+}
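Review bot: `config.common.default = "*"` leaves backend selection to lexicographic order among whatever portal packages are installed, so adding another portal later can silently change which implementation serves interfaces such as the file chooser or screen capture. Listing the backends explicitly, e.g. `config.common.default = ["wlr" "gtk"];`, makes the choice deliberate (the order should be confirmed against what the session needs). The comment block above it is the NixOS evaluation warning pasted verbatim; a one-line comment such as `# keep pre-1.17 behaviour: first portal found in lexicographical order` would say the same thing.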
diff --git a/trivionomicon/modules/thinkpad/default.nix b/trivionomicon/modules/thinkpad/default.nix
new file mode 100644
index 0000000..e210947
--- /dev/null
+++ b/trivionomicon/modules/thinkpad/default.nix
@@ -0,0 +1,11 @@
+{
+ config,
+ doctrine,
+ ...
+}:
+doctrine.lib.mkModule {
+ inherit config;
+ name = "thinkpad";
+ sys = ./sys.nix;
+ requires = ["laptop"];
+}
diff --git a/trivionomicon/modules/thinkpad/sys.nix b/trivionomicon/modules/thinkpad/sys.nix
new file mode 100644
index 0000000..bc96146
--- /dev/null
+++ b/trivionomicon/modules/thinkpad/sys.nix
@@ -0,0 +1,30 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: {
+ # For suspending to RAM to work, set Config -> Power -> Sleep State to "Linux" in EFI.
+ # See https://wiki.archlinux.org/index.php/Lenovo_ThinkPad_X1_Carbon_(Gen_6)#Suspend_issues
+ # Fingerprint sensor requires a firmware-update to work.
+
+ boot = {
+ extraModulePackages = with config.boot.kernelPackages; [acpi_call];
+ extraModprobeConfig = "options iwlwifi 11n_disable=1 wd_disable=1";
+
+ # acpi_call makes tlp work for newer thinkpads
+ kernelModules = ["acpi_call"];
+
+ # Force use of the thinkpad_acpi driver for backlight control.
+ # This allows the backlight save/load systemd service to work.
+ kernelParams = ["acpi_backlight=native"];
+ };
+
+ hardware.firmware = [pkgs.sof-firmware];
+
+ services = {
+ fprintd.enable = lib.mkDefault true;
+ thinkfan.enable = lib.mkDefault true;
+ tp-auto-kbbl.enable = lib.mkDefault true;
+ };
+}
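Review bot: `fprintd.enable = lib.mkDefault true` is more than a hardware toggle: on NixOS the per-service PAM option `fprintAuth` defaults to the value of `services.fprintd.enable`, so, as far as I can tell, enabling this module also turns on fingerprint authentication for login, sudo and the screen locker. That deserves a comment next to the line, for example `# NOTE: also enables fingerprint auth in PAM services unless fprintAuth is set to false`, or an explicit opt-in option. The backlight comment also disagrees with the code: `acpi_backlight=native` selects the GPU driver's native backlight interface, whereas forcing the platform driver (thinkpad_acpi) would be `acpi_backlight=vendor`, so one of the two should be corrected. The `options iwlwifi 11n_disable=1 wd_disable=1` line has no comment explaining why 802.11n is disabled on every ThinkPad that enables this module.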
diff --git a/trivionomicon/modules/yubico/default.nix b/trivionomicon/modules/yubico/default.nix
new file mode 100644
index 0000000..71bed70
--- /dev/null
+++ b/trivionomicon/modules/yubico/default.nix
@@ -0,0 +1,13 @@
+{
+ config,
+ lib,
+ pkgs,
+ doctrine,
+ ...
+}:
+doctrine.lib.mkModule {
+ inherit config;
+ name = "yubico";
+ hm = ./hm.nix;
+ sys = ./sys.nix;
+}
diff --git a/trivionomicon/modules/yubico/hm.nix b/trivionomicon/modules/yubico/hm.nix
new file mode 100644
index 0000000..8d06368
--- /dev/null
+++ b/trivionomicon/modules/yubico/hm.nix
@@ -0,0 +1,9 @@
+{
+ pkgs,
+ lib,
+ ...
+}: {
+ home.packages = [
+ pkgs.yubikey-manager
+ ];
+}
diff --git a/trivionomicon/modules/yubico/sys.nix b/trivionomicon/modules/yubico/sys.nix
new file mode 100644
index 0000000..3cd009f
--- /dev/null
+++ b/trivionomicon/modules/yubico/sys.nix
@@ -0,0 +1,14 @@
+{
+ pkgs,
+ lib,
+ ...
+}: {
+ environment.etc."pkcs11/modules/ykcs11".text = ''
+ module: ${pkgs.yubico-piv-tool}/lib/libykcs11.so
+ '';
+
+ services = {
+ pcscd.enable = true;
+ udev.packages = [pkgs.yubikey-personalization];
+ };
+}
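Review bot: The p11-kit module file is created as `/etc/pkcs11/modules/ykcs11`, but p11-kit's documentation asks for module configuration files to carry a `.module` extension. As I recall, files without it are either accepted with a warning or skipped, depending on the p11-kit version. Naming it `environment.etc."pkcs11/modules/ykcs11.module".text` avoids relying on that; the `"pkcs11/modules/asep11"` entry in athena-bccr/sys.nix has the same issue. Both modules also set `pcscd.enable = true` without `lib.mkDefault`, unlike the other service toggles in this commit; that merges fine but is inconsistent in style.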